Low Microsoft MFA Usage a Growing Concern

by | Jun 6, 2023

In an era where cybersecurity threats are more prevalent than ever, it’s concerning that only 28% of users authenticated with Microsoft MFA monthly. While that number is up from 22% the year prior, it continues to highlight a significant gap in security practices. Despite Microsoft’s commitment to providing users with easy-to-use security options, many people have yet to embrace MFA fully.  

The slow adoption has raised a lot of questions among IT experts, with suggested causes ranging from a widespread lack of awareness to employee indifference. The cause is likely a mixture of different elements, making it difficult to create a solution that satisfies every group. While Microsoft MFA is important, repeating that to people who already know it acts as a reminder and little else. The goal is to engage the people who aren’t using it, which means understanding why they aren’t and developing strategies to make it easier for them.

Why Microsoft MFA is Important

Whether done through Microsoft or elsewhere, Multi-Factor Authentication (MFA) has become a crucial part of modern cybersecurity strategies. Businesses and users alike store valuable information on their online accounts. While the internet is convenient for accessing accounts from anywhere, it also gives the same access to hackers worldwide. With data breaches being commonplace, even strong passwords may not be secure enough.

However, adding just one additional security factor through Microsoft MFA can prevent 99.9% of attacks. That’s because most attacks rely on having stolen only one factor, such as login credentials. Without access to the second factor, the stolen details have no value. MFA also gives cybersecurity teams more time to detect and counteract unauthorized login attempts.

Cybersecurity Awareness Is an Ongoing Challenge

Many people fall into the trap of assuming that if it hasn’t happened to them, there’s no point in doing anything different. Cyber attacks are an example of that: many people ignore the threat until the damage is already done. Awareness isn’t just about keeping people informed; it’s about overcoming the perceived lack of need. People who think cyber threats are exaggerated and that they don’t need solutions like MFA may continue to resist using it. Reaching out to people stuck in that mindset continues to be an IT security challenge.

Employee Burnout May Be Causing Security Indifference

When employees work hard, are stressed, and are tired, their ability to maintain good security practices can drop. That can breed a sense of indifference where they’re too tired to care about the consequences of security risks. They may bypass optional measures, like Microsoft MFA, to save time and have one less thing to think about. There may also be a disconnect between personal choice and how that can impact others negatively.

Some People Aren’t Comfortable With Technology

Technology has made massive advances over the past few decades. What was normalized in the workplace in the 1980s looks completely different in the 2020s. With a 41% employment rate for those 55 and over, that age group has felt the workplace shift the most. Even for younger generations, the pace of technology changes can be hard to manage, especially if not raised in a tech-heavy environment. That’s made many uncomfortable with not only Microsoft MFA but new devices, software, cyber threats, and technology in general.

Companies Must Better Communicate MFA Importance

As a result of that discomfort, companies need to develop new and better ways to communicate with staff. People already using and understanding Microsoft MFA aren’t the target here. Resources should be designed to reach those who are struggling to use it or are unaware it’s a good option. Making it mandatory can help but won’t completely fix the problem. Education, approachability, and patience are all good things. Don’t punish employees who need extra time to get the hang of it; MFA is too valuable to take lightly.

Making Microsoft MFA Mandatory Can Boost Usage Rate

The best way to ensure everyone uses Microsoft MFA is to make it mandatory. That can cause some short-term challenges, as those who struggled with it before may continue to do so. However, it lets companies better target their resources towards people who need help with the process. If someone can log into an account, they can learn to use MFA. It can be as simple as entering their login credentials, checking their phone for a passcode sent via text, and typing it in. Some just need help getting it set up and being pointed in the right direction.

Simpler MFA Solutions Are Easier To Embrace

While the term multi-factor authentication might imply that more factors are better, that isn’t always the case. Realistically, two factors provide the bulk of the protection, with additional ones beyond that having diminishing returns. With only 13% of SMBs requiring staff to use MFA, the process should be simple to use and easy to understand so that it isn’t inconvenient. When MFA is optional, the more complex the process, the higher the chance people will stop using it.

Managed Service Providers Can Help With Microsoft MFA 

There are a lot of challenges that contribute to businesses struggling to integrate Microsoft MFA. However, managed service providers (MSPs) can be key in supporting the process. With their expertise in handling complex IT infrastructure and helping customers of all skill levels, they can provide guidance every step of the way. They can ensure it’s set up correctly, audit usage, and check for other cybersecurity risks. That makes them a valuable partner for keeping data and assets safe.


The underuse of Microsoft MFA remains an ongoing issue within today’s cybersecurity landscape. While the overall adoption rate has increased, the fact that it remains so low has caused growing concerns over how many businesses are still vulnerable. The challenge goes beyond a lack of awareness; it involves deeper issues. Those include discomfort with fast-changing technology, employee burnout, and ineffective strategies for increasing usage.

Despite the hurdles, there are some solutions that businesses can try. That includes making MFA mandatory, using simpler methods, and enlisting the help of a managed service provider. These approaches, combined with a little extra support and patience, can significantly bolster MFA adoption. Ultimately, the goal is to ensure a safer digital work environment by reducing cybersecurity risks and protecting valuable business data.
